After you right-click a user in Active Directory Users and Computers and press Disable Account, you find that the user can still logon.
If you have multiple domain controllers, and the user is authenticated by a domain controller that you did NOT make the change on, this condition will exist.
When you disable an account, urgent replication is NOT triggered.
NOTE: This condition is also true when you disable the account using the command line:
net user <UserName> /active:no /domain
To workaround this condition, after you disable the account, use Reset Password.
NOTE: To disable the account using the command line:
net user <UserName> /active:no /domain
net user <UserName> <NewPassword> /domain
0 comments
Hide comments